ci: Update workflows to use actions that don't need organization secrets #13991
Conversation
Each repository can only have 100 organization secrets and there are now more than 100 in our organization which causes inconsistent behavior. Some repositories don't have the secrets they need assigned. These composite actions use secrets stored in Vault that are available to all repositories. - `publish-technical-documentation-next.yml` has been tested with https://github.com/grafana/writers-toolkit/blob/main/.github/workflows/publish-technical-documentation.yml. - `publish-technical-documentation-release.yml` has been tested with https://github.com/grafana/backend-enterprise/blob/gem-release-2.13/.github/workflows/publish-technical-documentation-release.yml. There is some copy-paste involved in the creation of these workflows. Please check: For `publish-technical-documentation-next.yml`: - [ ] The `on.push` `branches` and `paths` filters are correct for your repository. - [ ] The `jobs.sync.if` repository matches your repository. - [ ] The `jobs.sync.steps[1].with.website_directory` matches the directory you publish to in the website repository. For `publish-technical-documentation-release.yml`: - [ ] The `on.push` `branches`, `tags`, and `paths` filters are correct for your repository. - [ ] The `jobs.sync.if` repository matches your repository. - [ ] The `jobs.sync.steps[1].with.release_tag_regexp` regular expression matches your tags and captures major, minor, and patch versions from those tags. - [ ] The `jobs.sync.steps[1].with.release_branch_regexp` regular expression matches your release branch names and captures major and minor versions from those branch names. - [ ] The `jobs.sync.steps[1].with.release_branch_with_patch_regexp` regular expression matches your release branch names if they were to include a patch version, and that it would capture major, minor, and patch versions from those branch names. - [ ] The `jobs.sync.steps[1].with.website_directory` matches the directory you publish to in the website repository. We'll also need to backport this to any branches where you are maintaining documentation that you want synced to the website. Signed-off-by: Jack Baldry <jack.baldry@grafana.com>
jdbaldry
changed the title
|
@jdbaldry Will we need to backport these changes? |
|
Yeah, ideally to any branch that you are currently maintaining |
jdbaldry
changed the title
|
Hello @JStickler!
Please, if the current pull request addresses a bug fix, label it with the |
|
Hello @JStickler!
Please, if the current pull request addresses a bug fix, label it with the |
1 similar comment
|
Hello @JStickler!
Please, if the current pull request addresses a bug fix, label it with the |
|
This PR must be merged before a backport PR will be created. |
|
Will need a repo maintainer to merge this, I don't have permissions |
JStickler
deleted the
jdb/2024-08-update-publish-workflows-to-avoid-org-secrets
branch
What this PR does / why we need it:
Each repository can only have 100 organization secrets and there are now more than 100 in our organization which causes inconsistent behavior.
Some repositories don't have the secrets they need assigned.
These composite actions use secrets stored in Vault that are available to all repositories.
publish-technical-documentation-next.ymlhas been tested with https://github.com/grafana/writers-toolkit/blob/main/.github/workflows/publish-technical-documentation.yml.publish-technical-documentation-release.ymlhas been tested with https://github.com/grafana/backend-enterprise/blob/gem-release-2.13/.github/workflows/publish-technical-documentation-release.yml.Which issue(s) this PR fixes:
Fixes https://github.com/grafana/technical-documentation/issues/979
Special notes for your reviewer:
There is some copy-paste involved in the creation of these workflows. Please check:
For
publish-technical-documentation-next.yml:on.pushbranchesandpathsfilters are correct for your repository.jobs.sync.ifrepository matches your repository.jobs.sync.steps[1].with.website_directorymatches the directory you publish to in the website repository.For
publish-technical-documentation-release.yml:on.pushbranches,tags, andpathsfilters are correct for your repository.jobs.sync.ifrepository matches your repository.jobs.sync.steps[1].with.release_tag_regexpregular expression matches your tags and captures major, minor, and patch versions from those tags.jobs.sync.steps[1].with.release_branch_regexpregular expression matches your release branch names and captures major and minor versions from those branch names.jobs.sync.steps[1].with.release_branch_with_patch_regexpregular expression matches your release branch names if they were to include a patch version, and that it would capture major, minor, and patch versions from those branch names.jobs.sync.steps[1].with.website_directorymatches the directory you publish to in the website repository.We'll also need to backport this to any branches where you are maintaining documentation that you want synced to the website.